[MaraDNS list] MaraDNS and Deadwood updates ; djbdns rant

Rich Felker dalias at aerifal.cx
Sat Jul 21 18:51:55 EDT 2012


On Sat, Jul 21, 2012 at 03:11:46PM -0400, Sam Trenholme wrote:
> ==Deadwood update==
> 
> I have updated the patch resolving the problem Deadwood had with
> es-us.noticias.yahoo.com last month so that, should a similar issue
> pop up in the future, Deadwood logs messages (starting at log level
> 100) describing the issue. In addition, in light of Rich Felker's
> concerns a couple of months ago with MaraDNS' handling of malloc() I
> have replaced all calls to "malloc()" in the code with "dw_malloc()",
> which is simply a macro that is replaced with "malloc()".
> 
> Doing this would make it easier for one to replace malloc() in
> Deadwood with something that more gracefully handles malloc()
> failures, such as blocking Deadwood until malloc() succeeds again, or
> by having malloc() failures terminate Deadwood and wrapping Deadwood
> in a script that restarts it when terminated. Since I am in debug, not
> develop mode, I have no plans to implement this kind of code myself.
> Deadwood was written for Linux and Windows; Linux does not, by
> default, have malloc() fail; it simply terminates processes that use
> too much memory.

This is false. Even if you leave overcommit enabled, 32-bit Linux on a
machine with >3gb of memory will run out of virtual address space
before it runs out of physical memory and thus malloc will return
null. This is an extremely common (possibly majority) setup.

> ==djbdns userbase rant==
> 
> I need to stop trying to point out djbdns' problems with its users;
> pretty much every time I do, the djbdns user is completely unwilling
> to acknowledge that, yes, djbdns has security problems.  They usually,
> as part of their denial mechanism, accuse me of spamming for MaraDNS.

I understand that you don't want to spend more time working on MaraDNS
and that's a valid sentiment. However, I think your handling of the
issues I've reported can equally be characterized as denialism. If
you're sure all failed allocations cause SIGSEGV due to immediate
dereferencing at zero (or low) offset, then the bug is at worst
"MaraDNS can be made to crash", but the attitude that MaraDNS has
undefined behavior under resource exhaustion is very troubling from a
security standpoint. I think it would be a lot more fair to users to
say something along the lines of "This problem exists, and it may be
serious, but I'm not willing to devote time to fixing it."

Rich

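As an added illustration of the allocation-failure discussion above (this is example code written here, not Deadwood's or MaraDNS's own source), the block below sketches what a checked `dw_malloc()` could expand to instead of a bare `malloc()`: a low-level attempt that reports failure through a return code rather than a pointer the caller might dereference, and a policy layer implementing the two options mentioned in the thread, terminating the process so a supervisor script can restart it, or retrying for a bounded number of attempts before giving up. The names `dw_try_malloc`, `dw_checked_malloc`, `dw_oom_policy_cfg`, `dw_oom_max_retries` and `dw_oom_retry_usec` are assumptions for this example; Deadwood has no such settings.

```c
/* Added example, not Deadwood code: a checked allocator that a dw_malloc()
 * macro could expand to. Failure is handled deterministically (clean exit
 * or bounded retry) instead of leaving a NULL to be dereferenced later. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

typedef enum { DW_OOM_ABORT, DW_OOM_RETRY } dw_oom_policy;

/* Hypothetical configuration knobs (assumed for this example). */
static dw_oom_policy dw_oom_policy_cfg = DW_OOM_ABORT;
static unsigned dw_oom_max_retries = 5;    /* bound for the "block until it succeeds" mode */
static unsigned dw_oom_retry_usec = 1000;  /* pause between retries */

/* Low-level attempt. Returns 0 and stores the block in *out on success;
 * returns -1 with errno = ENOMEM and *out = NULL on failure. Requests of
 * size 0 are rounded up to 1 so a NULL result always means failure. */
int dw_try_malloc(size_t n, void **out)
{
    void *p = malloc(n ? n : 1);
    if (p == NULL) {
        *out = NULL;
        errno = ENOMEM;
        return -1;
    }
    *out = p;
    return 0;
}

/* Policy layer. In DW_OOM_RETRY mode the allocation is retried a bounded
 * number of times; an unbounded loop would let memory pressure stall the
 * resolver indefinitely. When retries are exhausted (or in DW_OOM_ABORT
 * mode) the process exits with a log line, which is the "terminate and let
 * a wrapper script restart it" option from the thread. */
void *dw_checked_malloc(size_t n, const char *where)
{
    void *p;
    unsigned attempt = 0;

    for (;;) {
        if (dw_try_malloc(n, &p) == 0)
            return p;
        if (dw_oom_policy_cfg == DW_OOM_RETRY && attempt < dw_oom_max_retries) {
            attempt++;
            usleep(dw_oom_retry_usec);
            continue;
        }
        fprintf(stderr, "%s: malloc(%zu) failed after %u attempt(s); exiting\n",
                where, n, attempt + 1);
        exit(EXIT_FAILURE);
    }
}

/* Stringify __LINE__ so the log line records the call site. */
#define DW_STR_(x) #x
#define DW_STR(x) DW_STR_(x)
#define dw_malloc(n) dw_checked_malloc((n), __FILE__ ":" DW_STR(__LINE__))

int main(void)
{
    void *p = NULL;

    /* A request larger than the address space fails on glibc and musl
     * regardless of overcommit; the checked path reports it cleanly. */
    if (dw_try_malloc(SIZE_MAX, &p) == -1)
        printf("oversized request rejected, errno=%d, p=%p\n", errno, p);

    /* A normal request goes through the macro like any other call. */
    char *buf = dw_malloc(64);
    printf("dw_malloc returned %p\n", (void *)buf);
    free(buf);
    return 0;
}
```

The `dw_try_malloc` / `dw_checked_malloc` split keeps the "can it fail?" decision out of the call sites: code that can recover (drop one query, keep serving) calls `dw_try_malloc` and checks the return code, while everything else goes through the macro and never sees a NULL. The `SIZE_MAX` request in `main` exercises the failure path without needing a 32-bit build, but the same path is what Rich describes being reachable on a 32-bit Linux machine with more than 3 GB of RAM.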
